| |
| |||||||
Log-Analyse und Auswertung: Rechner extrem Langsam. Troz Registry und Festplattenbereinigung.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
03.07.2011, 17:22
| #1 |
| |  Rechner extrem Langsam. Troz Registry und Festplattenbereinigung. Hallo Leute, ich bin neu hier. Seit ein Paar tagen ist mein Rechner extrem langsam. Ich habe ihn mit CCleaner bereinigt (Registry und Festpaltte) und mit Defraggler Defragmentiert. Leider hat das nichts gebracht. Ich hab jetzt mal Combofix drüberlaufen lassen. Hier der Log: Code:
ATTFilter ComboFix 11-07-02.03 - Sascha 03.07.2011 16:33:56.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2047.659 [GMT 2:00]
ausgeführt von:: c:\users\Sascha\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
L:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-03 bis 2011-07-03 ))))))))))))))))))))))))))))))
.
.
2011-07-03 15:08 . 2011-07-03 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-03 14:25 . 2011-07-03 14:25 -------- d-----w- c:\users\Sascha\AppData\Roaming\Adobe Mini Bridge CS5
2011-07-03 14:25 . 2011-07-03 14:25 -------- d-----w- c:\users\Sascha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-07-03 13:54 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC003413-65E3-4156-A6FD-B2556C23EF79}\mpengine.dll
2011-06-29 15:10 . 2011-06-29 15:10 -------- d-----w- c:\program files\CCleaner
2011-06-29 12:44 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 12:44 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 12:44 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 12:44 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 12:44 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-24 11:54 . 2011-06-24 12:07 -------- d-----w- c:\users\Sascha\workspace
2011-06-23 21:11 . 2011-06-24 12:14 -------- d-----w- c:\users\Sascha\.android
2011-06-23 21:11 . 2011-06-23 21:11 -------- d-----w- c:\program files (x86)\Android
2011-06-23 21:08 . 2011-06-23 21:08 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-23 21:07 . 2011-06-23 21:08 -------- d-----w- c:\program files\Java
2011-06-23 21:05 . 2011-06-24 12:13 -------- d-----w- c:\program files (x86)\eclipse
2011-06-23 17:29 . 2011-06-23 17:29 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 17:29 . 2011-06-23 17:29 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-22 18:29 . 2011-06-22 18:29 -------- d-----w- c:\programdata\Microsoft Visual Studio
2011-06-21 12:55 . 2011-06-21 12:55 -------- d-----w- c:\programdata\ATI
2011-06-21 12:55 . 2011-06-21 12:55 -------- d-----w- c:\program files (x86)\AMD APP
2011-06-19 19:02 . 2011-06-06 16:36 4005936 ----a-w- c:\windows\SysWow64\GameMon.des
2011-06-19 19:02 . 2005-01-02 03:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-06-19 19:02 . 2003-07-18 12:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-06-19 19:02 . 2011-06-19 19:02 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-06-18 13:17 . 2011-06-18 13:17 -------- d-----w- C:\fd9e99b99c003c1c8dfcf210c70e
2011-06-17 20:33 . 2011-06-17 20:34 -------- d-----w- c:\users\Sascha\AppData\Roaming\Trillian
2011-06-17 20:33 . 2011-06-17 20:33 -------- d-----w- c:\program files (x86)\Trillian
2011-06-17 11:30 . 2011-06-17 11:32 -------- d-----w- c:\program files (x86)\Gabelstapler Simulator 2009
2011-06-17 11:29 . 2000-08-19 17:29 268048 ----a-w- c:\windows\SysWow64\dxtmeta2.dll
2011-06-16 18:14 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 18:14 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 18:14 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 18:14 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 18:14 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 18:14 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 18:14 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 18:14 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 18:14 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 18:14 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 18:14 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 18:14 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 18:14 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-16 13:58 . 2011-06-19 14:08 -------- d-----w- C:\HammerAutosave
2011-06-16 12:51 . 2011-06-16 13:01 -------- d-----w- c:\programdata\TrackMania
2011-06-15 19:38 . 2011-06-15 19:38 -------- d-----w- c:\program files (x86)\Pokemon World Online
2011-06-15 16:36 . 2011-06-15 16:36 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-06-15 16:36 . 2011-06-15 16:36 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2011-06-15 16:24 . 2011-06-15 16:24 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-06-14 19:36 . 2011-07-03 14:05 -------- d-----w- c:\users\Sascha\AppData\Roaming\skypePM
2011-06-14 19:36 . 2011-06-30 15:41 -------- d-----w- c:\programdata\Skype Extras
2011-06-14 19:32 . 2011-07-03 15:05 -------- d-----w- c:\users\Sascha\AppData\Roaming\Skype
2011-06-14 19:31 . 2011-06-14 19:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-06-14 19:31 . 2011-06-14 19:32 -------- d-----r- c:\program files (x86)\Skype
2011-06-14 19:31 . 2011-06-14 19:31 -------- d-----w- c:\programdata\Skype
2011-06-14 14:03 . 2011-06-14 15:01 -------- d-----w- c:\program files (x86)\Just Cause 2
2011-06-12 11:14 . 2011-06-12 11:14 -------- d-----w- c:\users\Sascha\AppData\Local\SKIDROW
2011-06-11 14:00 . 2011-06-11 14:00 -------- d-----w- c:\program files (x86)\Valve
2011-06-06 14:13 . 2011-06-06 14:13 -------- d-----w- C:\MyMod
2011-06-06 10:50 . 2011-06-06 10:50 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-06-05 18:02 . 2011-06-05 18:02 -------- d-sh--w- c:\programdata\DSS
2011-06-05 18:02 . 2011-06-05 18:02 -------- d-----w- c:\programdata\Codemasters
2011-06-05 18:00 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-06-05 18:00 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-06-05 18:00 . 2011-06-05 18:00 -------- d-----w- c:\program files (x86)\BRS
2011-06-05 18:00 . 2011-06-05 18:00 -------- d-----w- c:\program files (x86)\OpenAL
2011-06-05 18:00 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp3093.tmp
2011-06-05 17:51 . 2011-06-05 17:51 -------- d-----w- c:\program files (x86)\Codemasters
2011-06-05 10:23 . 2011-06-05 10:23 -------- d-----w- c:\users\Sascha\AppData\Local\Activision
2011-06-05 09:44 . 2007-10-24 21:12 18853376 ----a-r- c:\program files (x86)\CryEngine(R)2 Sandbox(TM)2.msi
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 12:50 . 2011-04-20 02:30 23336960 ----a-w- c:\windows\system32\atio6axx.dll
2011-06-21 12:49 . 2011-04-20 01:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-06-21 12:49 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-06-21 12:49 . 2011-04-20 01:30 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-06-21 12:49 . 2011-04-20 01:23 366592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-06-21 12:49 . 2011-04-20 01:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-06-21 12:49 . 2011-04-20 02:07 811008 ----a-w- c:\windows\system32\aticfx64.dll
2011-06-21 12:49 . 2011-04-20 01:38 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-06-21 12:49 . 2011-04-20 02:09 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-06-21 12:49 . 2011-04-20 01:49 5008384 ----a-w- c:\windows\system32\atidxx64.dll
2011-06-21 12:49 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-06-21 12:49 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-06-16 19:04 . 2011-05-11 15:09 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-16 11:46 . 2011-05-25 15:29 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 17:10 . 2011-05-15 14:49 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-05 18:04 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-05 18:04 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-05 18:00 . 2011-05-25 15:15 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-05 18:00 . 2011-05-25 15:15 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-06-05 18:00 . 2011-05-25 15:15 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-05 18:00 . 2011-05-25 15:15 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-05-24 21:44 . 2011-05-24 21:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-11 19:27 . 2011-05-11 19:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-10 20:36 . 2011-05-10 20:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-10 20:36 . 2011-05-10 20:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-10 20:36 . 2011-05-10 20:36 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-10 20:36 . 2011-05-10 20:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-10 20:36 . 2011-05-10 20:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-10 20:36 . 2011-05-10 20:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-10 20:36 . 2011-05-10 20:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-10 20:36 . 2011-05-10 20:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-10 20:36 . 2011-05-10 20:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-10 20:36 . 2011-05-10 20:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-10 20:36 . 2011-05-10 20:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-10 20:36 . 2011-05-10 20:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-10 20:36 . 2011-05-10 20:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-10 20:36 . 2011-05-10 20:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-10 20:36 . 2011-05-10 20:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-10 20:36 . 2011-05-10 20:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-10 20:36 . 2011-05-10 20:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-10 20:36 . 2011-05-10 20:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-10 20:36 . 2011-05-10 20:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-10 20:36 . 2011-05-10 20:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-10 20:36 . 2011-05-10 20:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-10 20:36 . 2011-05-10 20:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-10 20:36 . 2011-05-10 20:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-10 20:36 . 2011-05-10 20:36 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-10 20:36 . 2011-05-10 20:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-10 20:36 . 2011-05-10 20:36 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-10 20:36 . 2011-05-10 20:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-10 20:36 . 2011-05-10 20:36 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-10 20:36 . 2011-05-10 20:36 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-10 20:36 . 2011-05-10 20:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-10 20:36 . 2011-05-10 20:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-10 20:36 . 2011-05-10 20:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-10 20:36 . 2011-05-10 20:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-10 20:36 . 2011-05-10 20:36 448512 ----a-w- c:\windows\system32\html.iec
2011-05-10 20:36 . 2011-05-10 20:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-10 20:36 . 2011-05-10 20:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-10 20:36 . 2011-05-10 20:36 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-10 20:36 . 2011-05-10 20:36 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-10 19:34 . 2011-05-10 19:34 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2011-05-10 19:34 . 2011-05-10 19:34 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll
2011-05-10 19:34 . 2011-05-10 19:34 22408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2011-05-10 19:34 . 2011-05-10 19:34 16008 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2011-05-10 19:34 . 2011-05-10 19:34 30728 ----a-w- c:\windows\system32\drivers\LGPBTDD.sys
2011-05-10 19:33 . 2011-05-10 19:33 53248 ----a-r- c:\users\Sascha\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-10 19:33 . 2011-05-10 19:33 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-22 11:09 . 2011-04-22 11:09 1858384 ----a-w- c:\windows\system32\msvcr100d.dll
2011-04-22 11:09 . 2011-04-22 11:09 1014096 ----a-w- c:\windows\system32\msvcp100d.dll
2011-04-22 11:03 . 2011-04-22 11:03 9032016 ----a-w- c:\windows\system32\mfc100ud.dll
2011-04-22 11:03 . 2011-04-22 11:03 8955728 ----a-w- c:\windows\system32\mfc100d.dll
2011-04-22 11:03 . 2011-04-22 11:03 120144 ----a-w- c:\windows\system32\mfcm100ud.dll
2011-04-22 11:03 . 2011-04-22 11:03 118608 ----a-w- c:\windows\system32\mfcm100d.dll
2011-04-22 10:58 . 2011-04-22 10:58 106832 ----a-w- c:\windows\system32\vcomp100d.dll
2011-04-22 10:15 . 2011-04-22 10:15 87888 ----a-w- c:\windows\SysWow64\vcomp100d.dll
2011-04-22 10:15 . 2011-04-22 10:15 80720 ----a-w- c:\windows\SysWow64\mfcm100u.dll
2011-04-22 10:15 . 2011-04-22 10:15 80208 ----a-w- c:\windows\SysWow64\mfcm100.dll
2011-04-22 10:15 . 2011-04-22 10:15 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
2011-04-22 10:15 . 2011-04-22 10:15 743248 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2011-04-22 10:15 . 2011-04-22 10:15 6994256 ----a-w- c:\windows\SysWow64\mfc100ud.dll
2011-04-22 10:15 . 2011-04-22 10:15 6926672 ----a-w- c:\windows\SysWow64\mfc100d.dll
2011-04-22 10:15 . 2011-04-22 10:15 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll
2011-04-22 10:15 . 2011-04-22 10:15 64336 ----a-w- c:\windows\SysWow64\mfc100deu.dll
2011-04-22 10:15 . 2011-04-22 10:15 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll
2011-04-22 10:15 . 2011-04-22 10:15 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll
2011-04-22 10:15 . 2011-04-22 10:15 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll
2011-04-22 10:15 . 2011-04-22 10:15 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll
2011-04-22 10:15 . 2011-04-22 10:15 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll
2011-04-22 10:15 . 2011-04-22 10:15 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll
2011-04-22 10:15 . 2011-04-22 10:15 4368720 ----a-w- c:\windows\SysWow64\mfc100u.dll
2011-04-22 10:15 . 2011-04-22 10:15 4342600 ----a-w- c:\windows\SysWow64\mfc100.dll
2011-04-22 10:15 . 2011-04-22 10:15 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll
2011-04-22 10:15 . 2011-04-22 10:15 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2011-04-22 10:15 . 2011-04-22 10:15 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll
2011-04-22 10:15 . 2011-04-22 10:15 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll
2011-04-22 10:15 . 2011-04-22 10:15 1497936 ----a-w- c:\windows\SysWow64\msvcr100d.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-05-10 1242448]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"AlSrvN"="c:\program files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe" [2010-02-06 53760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-25 129648]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-03-02 1310720]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-03-27 1431040]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-04-30 598528]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
.
c:\users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-5-18 676352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 xpvcom;XPVCOM Port;c:\windows\system32\Drivers\xpvcom.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S2 WPhoneRAPI;Windows Phone RAPI Connectivity Service;c:\program files (x86)\Windows Phone\WPhoneRAPI.exe [2009-08-11 78032]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCGtime.dll" [2007-02-22 28672]
"lxcgmon.exe"="c:\program files (x86)\Lexmark 2300 Series\lxcgmon.exe" [2007-04-29 205744]
"EzPrint"="c:\program files (x86)\Lexmark 2300 Series\ezprint.exe" [2007-04-29 103344]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2008-09-24 3862528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\jfc4cuai.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-07-03 17:12:58
ComboFix-quarantined-files.txt 2011-07-03 15:12
.
Vor Suchlauf: 17 Verzeichnis(se), 130.111.008.768 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 129.801.007.104 Bytes frei
.
- - End Of File - - 83B2AE53A214570F14981453847E9F6D
 Greez, ExEcutAblE |
|
03.07.2011, 17:34
| #2 | |||
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Rechner extrem Langsam. Troz Registry und Festplattenbereinigung.Zitat:
Zitat:
Und warum führst du einfach so CF aus ohne Anweisung?!  Einen ganz klaren Hinweis gibt es auch zu http://www.trojaner-board.de/95175-combofix.html Zitat:
__________________ |
|
03.07.2011, 17:57
| #3 |
| | Rechner extrem Langsam. Troz Registry und Festplattenbereinigung. Okay, dann habe ich ja jetzt beim erstenmal ALLES falsch gemacht was man falsch machen kann -.-
__________________Ich hoffe trozdem das mir noch jemand weiterhelfen kann  |
|
03.07.2011, 18:28
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner extrem Langsam. Troz Registry und Festplattenbereinigung. Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
03.07.2011, 22:38
| #5 |
| | Rechner extrem Langsam. Troz Registry und Festplattenbereinigung. Okay, ich hab die Scans mal durchgeführt. Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 7012
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
03.07.2011 21:38:43
mbam-log-2011-07-03 (21-38-30).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 742215
Laufzeit: 1 Stunde(n), 35 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{CCBC50C0-C0B9-CEC4-E323-D8C0024D1000} (Backdoor.Shark) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CCBC50C0-C0B9-CEC4-E323-D8C0024D1000} (Backdoor.Shark) -> No action taken.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.Shark) -> Value: Windows Update -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Windows\System32\svchost (Backdoor.Shark) -> No action taken.
c:\Windows\SysWOW64\svchost (Backdoor.Shark) -> No action taken.
Code:
ATTFilter OTL logfile created on: 03.07.2011 21:45:58 - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Sascha\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,69% Memory free 4,11 Gb Paging File | 1,89 Gb Available in Paging File | 45,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 390,53 Gb Total Space | 119,03 Gb Free Space | 30,48% Space Free | Partition Type: NTFS Drive K: | 99,86 Gb Total Space | 12,50 Gb Free Space | 12,52% Space Free | Partition Type: NTFS Drive L: | 831,65 Gb Total Space | 293,76 Gb Free Space | 35,32% Space Free | Partition Type: NTFS Drive M: | 6,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SASCHA-PC | User Name: Sascha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.03 21:39:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe PRC - [2011.06.23 19:29:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.10 21:34:05 | 000,858,696 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe PRC - [2011.05.10 21:34:05 | 000,850,504 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe PRC - [2011.05.10 21:34:05 | 000,498,248 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe PRC - [2011.03.25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2011.03.25 23:42:04 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2011.03.25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2011.03.25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.03.06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2009.08.11 11:49:20 | 000,078,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Phone\WPhoneRAPI.exe PRC - [2009.04.30 13:33:36 | 000,598,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe PRC - [2008.09.24 15:43:36 | 003,862,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe PRC - [2007.04.29 22:56:26 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe ========== Modules (SafeList) ========== MOD - [2011.07.03 21:39:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe MOD - [2010.11.21 05:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.06.21 14:49:13 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.11.11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2010.11.11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008.07.29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV:64bit: - [2008.07.15 12:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV:64bit: - [2007.04.29 22:55:08 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device) SRV - [2011.06.06 18:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.06.02 16:15:37 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.03.25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2011.03.25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2011.03.25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.08.11 11:49:20 | 000,078,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Windows Phone\WPhoneRAPI.exe -- (WPhoneRAPI) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.04.29 22:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcgcoms.exe -- (lxcg_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.06.21 14:49:40 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.06.21 14:49:29 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.06.21 14:49:29 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.06.21 14:49:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.05.11 16:02:18 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.05.10 21:34:05 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2011.05.10 21:34:05 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2011.05.10 21:34:04 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD) DRV:64bit: - [2011.03.25 23:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2011.03.25 23:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.03.25 23:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2011.03.25 23:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.04.07 12:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.01.16 09:58:38 | 000,473,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2008.04.22 08:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV:64bit: - [2007.10.12 02:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2007.10.12 01:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 01 D8 68 47 0F CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.05.11 23:19:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.23 19:29:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.10 21:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Extensions [2011.07.03 14:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\jfc4cuai.default\extensions [2011.06.14 21:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.06.14 21:32:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.05.11 21:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\SASCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFC4CUAI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.06.23 19:29:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.05.15 18:36:27 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.03 17:08:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - File not found O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [LXCGCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCGtime.DLL () O4:64bit: - HKLM..\Run: [lxcgmon.exe] C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe () O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [AlSrvN] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - c:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - c:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.04 20:10:02 | 000,052,736 | R--- | M] (Eden Games) - M:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2011.01.04 20:10:02 | 000,000,042 | R--- | M] () - M:\AutoRun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.I420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software) Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.) Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.03 21:44:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe [2011.07.03 18:35:36 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Malwarebytes [2011.07.03 18:35:20 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.03 18:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.03 18:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.03 18:35:16 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.07.03 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.07.03 18:03:05 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\sharK_2.3.2 [2011.07.03 16:32:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.07.03 16:32:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.07.03 16:32:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.07.03 16:32:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.07.03 16:31:10 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.07.03 16:25:12 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Adobe Mini Bridge CS5 [2011.07.03 16:25:11 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.06.29 17:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.06.29 17:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.06.24 13:54:53 | 000,000,000 | ---D | C] -- C:\Users\Sascha\workspace [2011.06.23 23:17:12 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\droiddraw-r1b20 [2011.06.23 23:16:23 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\droiddraw-r1b19 [2011.06.23 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\Sascha\.android [2011.06.23 23:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools [2011.06.23 23:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android [2011.06.23 23:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.06.23 23:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eclipse [2011.06.22 20:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio [2011.06.21 14:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.06.21 14:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.06.21 14:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.06.21 14:49:43 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.06.21 14:49:42 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.06.21 14:49:18 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.06.21 14:49:13 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.06.19 21:02:50 | 004,005,936 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des [2011.06.19 21:02:39 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys [2011.06.19 21:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2011.06.18 15:17:07 | 000,000,000 | ---D | C] -- C:\fd9e99b99c003c1c8dfcf210c70e [2011.06.17 22:33:36 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Trillian [2011.06.17 22:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian [2011.06.17 22:30:56 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\Trillian.5.Pro.for.Windows.v5.0.0.33-TE [2011.06.17 13:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gabelstapler Simulator 2009 [2011.06.17 13:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabelstapler Simulator 2009 [2011.06.17 13:29:52 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\Windows\SysWow64\dxtmeta2.dll [2011.06.16 15:58:06 | 000,000,000 | ---D | C] -- C:\HammerAutosave [2011.06.16 14:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania [2011.06.16 14:51:14 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\TrackMania [2011.06.15 21:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon World Online [2011.06.15 21:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pokemon World Online [2011.06.15 18:38:08 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\Flight Simulator X-Dateien [2011.06.15 18:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011.06.15 18:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games [2011.06.15 18:24:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games [2011.06.14 21:36:01 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\skypePM [2011.06.14 21:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras [2011.06.14 21:32:37 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Skype [2011.06.14 21:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.06.14 21:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2011.06.14 21:31:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011.06.14 21:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011.06.14 16:08:01 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\Square Enix [2011.06.14 16:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Just Cause 2 [2011.06.13 20:26:57 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\Kung.Fu.Panda.2.TS.MD.German.XviD-CinePlexx [2011.06.12 13:14:17 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\SKIDROW [2011.06.11 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve [2011.06.11 16:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve [2011.06.06 16:13:11 | 000,000,000 | ---D | C] -- C:\MyMod [2011.06.06 12:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2011.06.05 20:02:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS [2011.06.05 20:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2011.06.05 20:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011.06.05 20:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound [2011.06.05 20:00:30 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll [2011.06.05 20:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS [2011.06.05 20:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2011.06.05 19:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters [2011.06.05 12:23:01 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Activision [2011.05.17 22:41:05 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll [2011.05.17 22:41:05 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll [2011.05.17 22:41:04 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll [2011.05.17 22:41:04 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll [2011.05.17 22:41:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll [2011.05.17 22:41:03 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll [2011.05.17 22:41:03 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll [2011.05.17 22:41:03 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll [2011.05.17 22:41:03 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe [2011.05.17 22:41:03 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll [2011.05.17 22:41:03 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe [2011.05.17 22:41:03 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe [2011.05.17 22:41:03 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe [2011.05.17 22:41:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll [2011.05.17 22:41:03 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.03 21:39:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe [2011.07.03 18:35:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.03 17:52:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.03 17:08:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.07.03 15:52:47 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.03 15:52:47 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.03 15:43:31 | 1609,863,168 | -HS- | M] () -- C:\hiberfil.sys [2011.06.29 18:52:34 | 000,000,000 | ---- | M] () -- C:\Windows\Bench32.INI [2011.06.29 17:20:10 | 000,000,600 | ---- | M] () -- C:\Users\Sascha\AppData\Local\PUTTY.RND [2011.06.29 17:10:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe [2011.06.23 23:06:04 | 000,000,995 | ---- | M] () -- C:\Users\Sascha\Desktop\eclipse.exe - Verknüpfung.lnk [2011.06.23 23:05:02 | 001,814,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.06.23 23:05:02 | 000,767,640 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.06.23 23:05:02 | 000,722,958 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.06.23 23:05:02 | 000,175,452 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.06.23 23:05:02 | 000,148,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.06.21 14:49:54 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll [2011.06.21 14:49:50 | 000,233,765 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat [2011.06.21 14:49:48 | 001,127,552 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap [2011.06.21 14:49:48 | 001,127,552 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap [2011.06.21 14:49:45 | 000,166,624 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb [2011.06.21 14:49:44 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.06.21 14:49:43 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.06.21 14:49:38 | 000,032,635 | ---- | M] () -- C:\Windows\atiogl.xml [2011.06.21 14:49:19 | 000,485,376 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.06.21 14:49:13 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.06.17 22:33:36 | 000,001,095 | ---- | M] () -- C:\Users\Sascha\Desktop\Trillian.lnk [2011.06.17 22:33:36 | 000,001,047 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2011.06.17 14:22:22 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.06.17 13:30:23 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\Gabelstapler Simulator 2009.lnk [2011.06.17 13:11:59 | 004,983,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.06.15 21:46:35 | 000,000,163 | ---- | M] () -- C:\Users\Sascha\Documents\PWOOptions.ini [2011.06.15 21:39:07 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Pokemon World Online.lnk [2011.06.15 20:12:14 | 000,000,132 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.06.15 18:43:41 | 000,000,712 | ---- | M] () -- C:\Users\Sascha\Desktop\Microsoft Flight Simulator X - Verknüpfung.lnk [2011.06.14 21:36:09 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.06.14 21:31:46 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.06.14 16:07:59 | 000,001,488 | ---- | M] () -- C:\Users\Sascha\Desktop\JustCause2.exe - Verknüpfung.lnk [2011.06.11 16:15:30 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk [2011.06.06 18:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des [2011.06.05 20:00:28 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2011.06.05 20:00:28 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2011.06.05 19:59:26 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\DiRT 3.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.03 18:35:20 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.03 16:32:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.07.03 16:32:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.07.03 16:32:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.07.03 16:32:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.07.03 16:32:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.06.29 18:52:34 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI [2011.06.29 17:20:10 | 000,000,600 | ---- | C] () -- C:\Users\Sascha\AppData\Local\PUTTY.RND [2011.06.29 17:10:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.06.23 23:06:04 | 000,000,995 | ---- | C] () -- C:\Users\Sascha\Desktop\eclipse.exe - Verknüpfung.lnk [2011.06.21 14:49:49 | 000,233,765 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2011.06.21 14:49:46 | 001,127,552 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2011.06.21 14:49:46 | 001,127,552 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2011.06.21 14:49:44 | 000,166,624 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2011.06.21 14:49:38 | 000,032,635 | ---- | C] () -- C:\Windows\atiogl.xml [2011.06.19 21:02:39 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd [2011.06.17 22:33:36 | 000,001,125 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk [2011.06.17 22:33:36 | 000,001,095 | ---- | C] () -- C:\Users\Sascha\Desktop\Trillian.lnk [2011.06.17 22:33:36 | 000,001,047 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2011.06.17 14:22:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.06.17 14:22:22 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.06.17 13:30:23 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\Gabelstapler Simulator 2009.lnk [2011.06.15 21:39:07 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Pokemon World Online.lnk [2011.06.15 21:38:49 | 000,000,163 | ---- | C] () -- C:\Users\Sascha\Documents\PWOOptions.ini [2011.06.15 20:12:14 | 000,000,132 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.06.15 18:43:41 | 000,000,712 | ---- | C] () -- C:\Users\Sascha\Desktop\Microsoft Flight Simulator X - Verknüpfung.lnk [2011.06.14 21:36:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.06.14 21:31:46 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.06.14 16:07:59 | 000,001,488 | ---- | C] () -- C:\Users\Sascha\Desktop\JustCause2.exe - Verknüpfung.lnk [2011.06.11 16:15:30 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk [2011.06.05 20:00:55 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2011.06.05 19:59:26 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\DiRT 3.lnk [2011.06.05 11:44:14 | 018,853,376 | R--- | C] () -- C:\Program Files (x86)\CryEngine(R)2 Sandbox(TM)2.msi [2011.05.25 17:40:59 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.05.25 17:40:59 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011.05.25 17:30:34 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.05.25 17:30:34 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.05.19 15:21:23 | 000,005,632 | ---- | C] () -- C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.17 22:41:05 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll [2011.05.17 22:41:05 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll [2011.05.11 23:07:41 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.11 17:00:34 | 001,819,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.10 21:27:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.05.30 23:13:22 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\.minecraft [2011.05.30 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\.minecraft_xray [2011.05.10 21:33:17 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Leadertech [2011.05.25 22:23:36 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\LolClient [2011.05.11 16:55:48 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Publish Providers [2011.05.11 16:58:55 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Sony [2011.07.03 16:25:11 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.05.16 22:04:20 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\TeamViewer [2011.06.17 22:34:45 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Trillian [2011.06.29 19:50:26 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\TS3Client [2009.07.14 07:08:49 | 000,021,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.30 23:13:22 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\.minecraft [2011.05.30 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\.minecraft_xray [2011.05.15 17:10:39 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Adobe [2011.07.03 16:25:12 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Adobe Mini Bridge CS5 [2011.05.10 21:28:05 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\ATI [2011.05.10 21:11:09 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Identities [2011.05.25 17:05:35 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\InstallShield [2011.05.10 21:33:17 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Leadertech [2011.05.10 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Logishrd [2011.05.10 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Logitech [2011.05.25 22:23:36 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\LolClient [2011.05.10 21:21:43 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Macromedia [2011.07.03 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Malwarebytes [2010.11.21 09:00:26 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Media Center Programs [2011.06.15 18:29:58 | 000,000,000 | --SD | M] -- C:\Users\Sascha\AppData\Roaming\Microsoft [2011.05.10 21:29:46 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Mozilla [2011.05.11 16:55:48 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Publish Providers [2011.07.03 21:45:36 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Skype [2011.07.03 16:05:26 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\skypePM [2011.05.11 16:58:55 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Sony [2011.07.03 16:25:11 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.05.16 22:04:20 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\TeamViewer [2011.06.17 22:34:45 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Trillian [2011.06.29 19:50:26 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\TS3Client [2011.06.06 16:19:36 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\VMware [2011.05.11 16:40:29 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.03.01 15:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Sascha\AppData\Roaming\.minecraft\Minecraft Beta Cracked.exe [2010.10.21 03:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Sascha\AppData\Roaming\.minecraft\Minecraft Updater.exe [2010.09.25 11:15:25 | 000,232,159 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\.minecraft\Minecraft.exe [2011.05.30 22:48:58 | 000,290,836 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\.minecraft\Uninstall.exe [2011.05.11 21:14:13 | 000,010,134 | R--- | M] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe [2011.05.10 21:33:16 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Sascha\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.05.10 21:14:49 | 000,010,134 | R--- | M] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Installer\{51B5CAB0-6F72-4086-BB0D-42D0BDC88F67}\ARPPRODUCTICON.exe [2011.06.05 11:47:45 | 000,010,134 | R--- | M] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Installer\{7E4B7FD9-4ECE-4298-A910-3160B7918059}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.11.21 05:25:10 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > Greez, ExEcutAblE |
|
04.07.2011, 09:36
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner extrem Langsam. Troz Registry und Festplattenbereinigung.Zitat:
__________________ --> Rechner extrem Langsam. Troz Registry und Festplattenbereinigung. |
|
| Themen zu Rechner extrem Langsam. Troz Registry und Festplattenbereinigung. |
| acrobat update, adobe, asus, combofix, cpu, dateien, defender, device driver, festplatte, firefox, generic, helper, launch, log, microsoft security, microsoft security essentials, mozilla, mp3, neu, nvidia, object, performance, registry, security, software, sptd.sys, start menu, system, system32, syswow64, updates, windows, windows 7 ultimate, wireless |
Textbox.
.
